📦 Curl
by Haxx
🔍 What is Curl?
🛡️ Security Overview
⚠️ Known Vulnerabilities
libcurl incorrectly closes the same eventfd file descriptor twice during threaded name resolution cleanup, causing a use-after-free condition. This vulnerability affects applications using libcurl wit...
A vulnerability in curl versions before 7.88.0 causes HSTS (HTTP Strict Transport Security) to fail when processing multiple URLs sequentially on the same command line. This allows sensitive informati...
This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reusing a handle from a PUT to a POST request. Applications using libcurl for HTTP(S) transfers with re...
CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operations. When curl saves cookies, alt-svc, or hsts dat...
A denial-of-service vulnerability in libcurl's WebSocket implementation allows a malicious server to send a crafted packet that traps libcurl in an endless busy-loop. This affects any application usin...
CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push headers exceed the 1000-header limit. This allows attackers to cause denial of service through resource exha...
CVE-2023-38039 is a memory exhaustion vulnerability in curl/libcurl where a malicious server can send unlimited HTTP headers, causing curl to consume all available heap memory and crash. This affects ...
CVE-2023-28319 is a use-after-free vulnerability in curl/libcurl versions before 8.1.0 that occurs during SSH server public key verification. When verification fails, curl frees memory containing the ...
A path traversal vulnerability in curl's SFTP implementation allows attackers to bypass path filtering by using specially crafted paths containing tilde characters. This affects curl versions before 8...
A vulnerability in curl versions before 8.0 allows attackers to inject malicious content during TELNET protocol negotiation when user input is accepted. This could lead to arbitrary code execution on ...
The curl URL parser incorrectly accepts percent-encoded URL separators like '/' in hostnames, allowing attackers to bypass filters and checks by making malicious URLs appear legitimate. This affects a...
libcurl incorrectly reuses TLS/SSH connections when security settings have changed, potentially allowing sensitive data to be transmitted over less secure connections. This affects any application usi...
This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a different zone identifier, potentially exposing sensitiv...
This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...
This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...
CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...
This vulnerability in libcurl allows SSH-based transfers (SCP/SFTP) to accept connections to hosts not listed in the specified known_hosts file if those hosts exist in the global libssh known_hosts fi...
This vulnerability in curl allows OAuth2 bearer tokens to be incorrectly passed during cross-protocol redirects from HTTP(S) to IMAP, LDAP, POP3, or SMTP protocols. Attackers could potentially interce...
A TLS certificate validation vulnerability in libcurl where reusing easy or multi handles with altered CURLSSLOPT_NO_PARTIALCHAIN options could cause libcurl to incorrectly reuse cached CA stores with...
CVE-2025-14017 is a thread safety vulnerability in libcurl's LDAPS implementation where TLS option changes in one thread affect all concurrent LDAPS transfers globally. This allows disabling certifica...
A certificate pinning bypass vulnerability in curl allows attackers to impersonate servers when specific conditions are met. The vulnerability affects users who explicitly disable standard certificate...
CVE-2025-10966 is a vulnerability in curl's SSH connection management when using SFTP with the wolfSSH backend, where host verification mechanisms were missing. This allows man-in-the-middle (MITM) at...
A vulnerability in curl's WebSocket implementation uses a fixed 32-bit mask pattern for all outgoing frames instead of generating new random masks per frame as required by the WebSocket specification....
libcurl versions 8.9.0 through 8.10.0 fail to verify TLS certificates for QUIC connections when URLs contain IP addresses instead of hostnames. This allows man-in-the-middle attackers to intercept and...
Curl incorrectly uses SSH agent authentication for SCP/SFTP transfers even when explicitly configured for public key authentication. This allows attackers with access to the SSH agent to authenticate ...
This vulnerability in curl versions before 8.1.0 causes information disclosure when reusing a handle between PUT and POST requests. It affects applications using libcurl for HTTP(S) transfers where th...